Context
The FCA has published a new web page which states that although the National Cyber Security Centre (NCSC) is not aware of any current specific cyber threats to the UK following events in Ukraine, firms should be vigilant.
The FCA recommends that firms should review the NCSC’s guidance outlining actions all organisations should consider in response to the current situation. The FCA also encourages firms to review the NCSC’s Cyber Essentials scheme. Other useful links are available on the FCA’s web page.
Key points to note
The FCA mentions that firms should:
- Consider their ability and the ability of their third-party providers to withstand a cyber-attack.
- Take all appropriate steps to shore up their controls, including raising staff awareness that may, for example, include re-running staff ethical phishing campaigns.
- Consider if their staffing levels are appropriate to deal with an elevated cyber risk.
- Consider the implications of the continuing unrest and UK/US/EU sanctions and how that might impact it and its third-party providers including whether this could affect the delivery of important business services.
- Ensure that their business continuity and incident management arrangements are up to date, ensuring that the firm can continue to function and meet its regulatory obligations in the event of unforeseen disruption.
- Be ready to report material operational incidents to the FCA in a timely way.
Next actions
None – for information and awareness